[Bug 1790855] Re: [MIR] gpsd
Christian Ehrhardt
1790855 at bugs.launchpad.net
Wed Sep 19 06:01:02 UTC 2018
Hi,
I wanted to give an update on the current status.
First of all thanks Mathieu for the reivew.
1. Dependeny:
Yes we are only suggesting from chrony and don't "need" it in main for that (we do not intent to depend/recommened there). Instead we want to seed gpsd to be in main (no default install, just be in main) to make up for the lost function of Time-HW support due to the demotion of ntp.
2. python2 concerns
I agree to your concern to not add new py2, but we only want the gpsd package itself, not all the auxiliary tools in main. And this is a compiled binary, without any python. It will dpeend on libgpsd23 library, but that is non-python as well.
file $(dpkg -L libgps23 gpsd | xargs) | cut -c 42-108 | sort | uniq -c
7 ASCII text
3 ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamic
1 POSIX shell script, ASCII text executable
24 directory
7 gzip compressed data, max compression, from Unix, original size
1 symbolic link to ../libgps23/changelog.Debian.gz
1 symbolic link to libgps.so.23.0.0
1 0: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamic
1 gz: gzip compressed data, max compression, from Unix, original size
TL;DR: the binaries we want is gpsd + libgps23 (due to dependency), no
python concerns on these
3. Lintian warnings
You are right, I missed to check these (self-slap) I'd try to work on these somewhen next cycle to get things right.
Note to myself: the base package has a python recommends that is not required IMHO
I hope that after the work for #3 and my explanations for #1 and #2 above we are good from the MIR teams side.
Once I'm done on that I'll open it up for your re-review.
I talked with the security team and they will try to check the package. Hopefully we will get all together for 19.04 - updated packaging, apparmor profile, security review - and can then make this available in main.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gpsd in Ubuntu.
https://bugs.launchpad.net/bugs/1790855
Title:
[MIR] gpsd
Status in gpsd package in Ubuntu:
Incomplete
Bug description:
Availability: GPSD is available since quite a while and builds for all
architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1790855/+subscriptions
More information about the foundations-bugs
mailing list